Privacy Policy

Church of Ireland Press Limited t/a The Church of Ireland Gazette – Privacy Policy

Policy statement

Everyone has rights in connection with how their personal information is handled. In the course of our activities we will collect, store and process personal information about our staff, customers, suppliers and other third parties. We understand and support the need the need to treat such information in an appropriate and lawful manner.

We will take very seriously any breach of this policy and will act accordingly

2.The policy

a. The information we collect in the course of business includes details of current, past and prospective employees, customers and others who we communicate with in the normal course of business. The information, which may be held on paper or on computer or other media, is subject to legal safeguards and restrictions under the Data Protection Act, 1998. (the Act)

b. The policy sets out the rules under which we will obtain, handle, store, process and destroy personal information.

c. The Office Manager of the Church of Ireland Gazette is responsible to the Board of Church of Ireland Press Limited for ensuring compliance with this policy, which has been established by the Board and will be reviewed on an annual basis.

d. Any questions or concerns you might have with respect to this policy or its operation should be raised in the first instance with: Ella McLoughlin at: Gazette@ireland.anglican.org

3. Definitions

a. Data is information which is stored electronically or in a paper based filing system.

b. Data subjects for the purpose of this policy are all living individuals about whom we hold personal data.

c. Personal data is data relating to a living individual who can be identified through the data, or through that data and other information held by us. Personal data can be factual (eg a name, date of birth or address) or an opinion which is held on record.

d. We are the Data Controller for our business, which means that we are responsible for how information is gathered, stored, used and destroyed.

e. Data users include employees whose work involves using personal data. They have a responsibility to ensure that the information they handle is used at all times in accordance with this policy.

f. Data processors include any person or organisation that processes personal data on behalf of a data controller.

g. Processing is any activity that involves the use of data, including obtaining, holding, amending or destroying data.

h. Sensitive personal data includes information about ethnicity, political opinions, religious or similar beliefs, trade union membership, physical or mental health, sexual life or any proceedings surrounding offences committed or alleged to have been committed by them. Such information may only be retained with the specific authority and express consent of the data subject.

4. Data protection principles

This policy is based on the eight enforceable principles of good practice, which establish that data must be:

a. Processed fairly and lawfully

We will set out for each data subject the purpose for which the data will be used

b. Processed for limited purposes and in an appropriate way

Personal data will be processed only for the specific purposes notified to the data subject when the data was collected, or for other purposes specifically permitted by the Act

c. Adequate, relevant and not excessive for the purpose

Personal data will only be collected to the extent that it is required for the specific purpose notified to the data subject

d. Accurate

Personal data held will be accurate and will be kept up to date. At regular intervals data subjects will be asked to verify their personal data. Inaccurate data will be destroyed, and/or corrected.

e. Not kept longer than necessary for the purpose

Personal data will not be kept longer than is necessary for the purpose and will be destroyed when no longer needed.

f. Processed in line with data subjects’ rights

Data subjects’ rights include:

The right to request access to any data held about them

The right to have inaccurate data amended

g. Secure

We will ensure that appropriate measures are taken to protect personal data from the point of collection to the point of destruction.

h. Not transferred to people or organisations without adequate protection

No personal data held by us will be disclosed to a third party, except where the disclosed purpose requires it, for example where an address is disclosed for delivery of an item specifically ordered by the data subject.

i. Monitoring and review of this policy

The policy is reviewed at least annually by the data controller, Church of Ireland Press Limited, to ensure that it is achieving its stated objectives.